Apple's handling of scary FaceTime bug shows that privacy is a right when it's good PR

In the span of about an hour last night, things went from bad to worse for Apple. What started with the report of a seemingly unbelievable bug ended with the disabling of one of the premium features of iOS 12 as Apple scrambled to save face and prevent an epic privacy snafu.

Here’s what happened: After a tip, 9to5Mac exposed a weird FaceTime bug that let callers eavesdrop on the people they were calling, whether or not the person on the other end picked up or was even aware a call was coming in. The process isn’t exactly easy, involving adding your own number to a Group FaceTime call after dialing, but it’s not outside the realm of something a person could do inadvertently either.

Plus, once it was out there, well, it was almost certain to be abused.

At first, Apple merely said it was aware of the bug and would be issuing a fix this week. Since it was only Monday, that could be as many as five days, an eternity when a nasty bug is out in the wild. About a half hour later, Apple did the right thing: It disabled Group FaceTime via its servers so someone couldn’t test the bug even if they wanted to.

Group FaceTime has a serious bug that lets people spy on you with ease.

That’s the right thing to do. Coming on the heels of an utter refusal to admit that any range of bent iPads is unacceptable, Apple handled the FaceTime bug quickly and efficiently, and fully mitigated any embarrassing stories (other than the bug itself, of course). After all, updates are generally slow to propagate, so waiting for 12.1.4 to land and then hoping people actually install it could take weeks, leaving a very serious bug on potentially millions of phones, iPads, and Macs.

Privacy and PR

So, let’s give Apple credit where it’s due. It shut down the root of the problem almost immediately and protected its users against nefarious activity. It took its lumps, didn’t make excuses, and sacrificed an important feature as a result. On the surface, it seems that Apple is putting the safety and security of its users ahead of its products.

The FaceTime bug affects all devices, even Macs.

But the question remains: How did it happen in the first place? Group FaceTime was delayed from the initial iOS 12 launch, so it’s not like Apple rushed things. And while it’s not an easy bug to duplicate, it’s also not a particularly intricate one, so Apple’s engineers should have spotted it before it was released or at some point over the past three months since it’s been live.

It’s something of a trend at Apple that should have gone out of style by now. Last year, Apple dealt with so many high-profile iOS 11 and macOS High Sierra bugs that it promised it was “auditing our development processes to help prevent this from happening again.” A year later, it seems as though Apple hasn’t actually learned anything from its mistakes.

And what’s worse, Apple seems to have been alerted to this bug before it had a chance to spread around the interwebs. Mark Gurman of Bloomberg spotted a tweet posted on Jan. 20 by Twitter user MGT7 that describes this exact bug. The Arizona-based user tagged Apple Support in the tweet and said they submitted a bug report, so it’s likely someone at Apple saw it. And if they didn’t, why aren’t they taking every privacy complaint seriously, even if it’s from a faceless Twitter user?

Apple’s privacy stance seems to be a matter of PR, not protection.

So why didn’t Apple take action then? Or at least sooner than last night? Even if they didn’t take the report seriously, someone could have at least tried to replicate it. Had someone done so, it would have set off immediate alarm bells and Apple could have taken the appropriate action before it became headline news. This isn’t an autocorrect bug or a crashing message. It’s a serious flaw with massive privacy implications that could have had catastrophic results.

But the reality is Apple is the richest company in the world and privacy is primarily a PR move. While I believe that privacy does matter to Tim Cook and Apple, I also think the company’s profits and PR matter more, and assuming Apple knew about the bug before last night, it was hoping to skate by without needing to publicly disclose the FaceTime bug. And it may have been knowingly putting its customers at risk for weeks, if not months.

The irony of all this is that the bug was discovered on Data Privacy Day, which was marked with a tweet by CEO Tim Cook saying “The dangers are real and the consequences are too important.” It’s hard to argue with those words, especially when it’s your own iPhone that poses the danger.

Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.